CCNA Security Lab 15 - Cisco IOS Secure Copy - CLI

Lab 15 


Cisco IOS Secure Copy 
Lab Objective: 

The objective of this lab exercise is for you to learn and understand how to
configure the Cisco IOS Secure Copy feature on Cisco IOS routers.

Lab Purpose: 

The Secure Copy (SCP) feature relies on Secure Shell (SSH) and provides a secure 
and authenticated method for copying router configuration or router image files. 

Lab Difficulty: 

This lab has a difficulty rating of 7/10. 

Readiness Assessment: 

When you are ready for your certification exam, you should complete this lab in 
no more than 15 minutes. 

Lab Topology: 

Please use the following topology to complete this lab exercise: 



Lab 15 Configuration Tasks 
Task 1: 

Configure the hostnames and IP addresses on R1 and R2 as illustrated in the 
network diagram. Configure R2 to send R1 clocking information at a rate of 
512Kbps. Ping between R1 and R2 to verify your configuration and ensure that the 
two routers have IP connectivity. 

Task 2: 

Configure R1 as an SCP server as follows: 

Configure a domain name of howtonetwork.net
Use an RSA key size of 1024
The SSH session should time out after 30 seconds of inactivity
SSH users can only attempt to log in 2 times

Task 3: 

Configure a user with the name admin, a privilege level of 15 and a secret of
cisco on R1.

Task 4: 

Configure Authentication and Authorization on R1 as follows:

Authentication for inbound connections should be performed against the local 
database 

Authorization for EXEC access should be granted based on local user privileges 

Task 5: 

Save the running configuration of R1 to Flash memory using the file name
TEST. In addition to this, configure R1 as a TFTP server so that remote users
can download this file.

Task 6: 

Securely copy the file TEST from R1 to the Flash memory of R2 and verify your
work.

Lab 15 Configuration and Verification 
Task 1: 

Router(config)#hostname R1
R1(config)#interface serial0/0
R1(config-if)#no shutdown
R1(config-if)#ip address 10.1.1.1 255.255.255.0
R1(config-if)#end
R1#

Router(config)#hostname R2
R2(config)#int serial0/0
R2(config-if)#no shutdown
R2(config-if)#ip address 10.1.1.2 255.255.255.252
R2(config-if)#clock rate 512000
R2(config-if)#exit
R2(config)#exit
R2#

R2#ping 10.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/8 ms

Task 2: 

R1(config)#ip domain-name howtonetwork.net
R1(config)#crypto key generate rsa
The name for the keys will be: R1.howtonetwork.net
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.

How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

R1(config)#ip ssh time-out 30
R1(config)#ip ssh authentication-retries 2
R1(config)#ip scp server enable
R1(config)#exit
R1#

Task 3: 

R1(config)#username admin privilege 15 secret cisco
R1(config)#exit
R1#

Task 4: 

R1(config)#aaa new-model
R1(config)#aaa authentication login default local
R1(config)#aaa authorization exec default local
R1(config)#exit
R1#

Task 5: 

R1#copy running-config flash:
Destination filename [r1-confg]? TEST
Erase flash: before copying? [confirm]n
Verifying checksum... OK (0x9A6B)
2746 bytes copied in 10.681 secs (257 bytes/sec)

R1(config)#tftp-server flash:TEST
R1(config)#exit
R1#

R1#show flash:

System flash directory: 

File Length Name/status 

1 19615064 c2600-advsecurityk9-mz.124-15.T9.bin

2 1038 home.shtml 

3 2754 sdmconfig-26xx.cfg 

4 112640 home.tar 

5 1505280 common.tar 

6 6389760 sdm.tar 

7 931840 es.tar 

8 2766 TEST 

[28567284 bytes used, 4462856 available, 33030140 total] 
32768K bytes of processor board System flash (Read/Write) 

Task 6: 

R2#copy scp: flash: 

Address or name of remote host []? 10.1.1.1 
Source username [R2]? admin 
Source filename []? TEST 
Destination filename [TEST]? 

Erase flash: before copying? [confirm]n 
Password: 

! 

Verifying checksum... OK (0x6C6) 

2766 bytes copied in 3.843 secs (720 bytes/sec) 

R2# 

Lab 15 Configurations 
R1 Configuration

R1#show running-config
Building configuration... 



Current configuration : 2789 bytes 
! 

version 12.4 

service timestamps debug datetime msec 
service timestamps log datetime msec 
no service password-encryption 
! 

hostname R1 
! 

boot-start-marker
boot-end-marker
! 

no logging console 
! 

aaa new-model 
! 

! 

aaa authentication login default local 
aaa authorization exec default local 
! 

! 

aaa session-id common 
no network-clock-participate slot 1 
no network-clock-participate wic 0 
ip cef 
! 

! 

! 

! 

no ip domain lookup 

ip domain name howtonetwork.net 

!


multilink bundle-name authenticated 



crypto pki trustpoint TP-self-signed-533650306 
enrollment selfsigned 

subject-name cn=IOS-Self-Signed-Certificate-533650306
revocation-check none 
rsakeypair TP-self-signed-533650306 
! 

! 

crypto pki certificate chain TP-self-signed-533650306 
certificate self-signed 01 

quit 

! 

! 

username admin privilege 15 secret 5 $1$qMaz$S4.GkllbxDSA4iWn7CBQull.
archive 
log config 
hidekeys 



! 

! 

! 

! 

ip ssh time-out 30 
ip ssh authentication-retries 2 
ip scp server enable 
! 

! 

! 

interface FastEthernet0/0
ip address 172.16.1.1 255.255.255.0 
duplex auto 
speed auto 
! 

interface Serial0/0 

ip address 10.1.1.1 255.255.255.252 
! 

ip forward-protocol nd
! 

! 

ip http server 
ip http secure-server 
! 

! 

! 

! 

tftp-server flash:TEST
! 

control-plane 

! 

! 

! 

line con 0 


line aux 0 



line vty 0 4 
privilege level 15 
password cisco 
! 

! 

end 
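
The following Python check is an added example, not part of the original lab. It reads a running configuration, confirms the settings that Tasks 2 to 4 require on R1, and lists the lines that leave cleartext or unrestricted access next to SCP (the TFTP server from Task 5, the HTTP server, vty lines not limited to SSH). The names R1_CONFIG, REQUIRED and audit are hypothetical, and the sample is constructed from the R1 configuration above.

```python
import re

# Constructed sample: security-relevant lines of the R1 configuration above
# (certificate omitted, secret hash replaced by a placeholder).
R1_CONFIG = """\
aaa new-model
aaa authentication login default local
aaa authorization exec default local
ip domain name howtonetwork.net
username admin privilege 15 secret 5 <hash-placeholder>
ip ssh time-out 30
ip ssh authentication-retries 2
ip scp server enable
ip http server
tftp-server flash:TEST
line vty 0 4
 privilege level 15
 password cisco
"""

# What Tasks 2-4 ask for on the SCP server, one regex per requirement.
REQUIRED = {
    "domain name": r"ip domain[ -]name howtonetwork\.net",
    "ssh time-out 30": r"ip ssh time-out 30",
    "ssh retries 2": r"ip ssh authentication-retries 2",
    "scp server": r"ip scp server enable",
    "local user admin": r"username admin privilege 15 secret \S.*",
    "aaa login local": r"aaa authentication login default local",
    "aaa exec local": r"aaa authorization exec default local",
}

def audit(config):
    """Return (missing lab requirements, lines exposing cleartext access)."""
    lines = [l.rstrip() for l in config.splitlines() if l.strip()]
    top = [l for l in lines if not l.startswith(" ")]
    missing = [name for name, rx in REQUIRED.items()
               if not any(re.fullmatch(rx, l) for l in top)]
    # TFTP and plain HTTP carry files and credentials unencrypted.
    findings = [l for l in top if re.match(r"tftp-server |ip http server$", l)]
    # Walk "line vty" blocks; indented lines are their sub-commands.
    vty = None
    for l in lines + ["end"]:
        if l.startswith(" ") and vty is not None:
            vty[1].append(l.strip())
            continue
        if vty is not None and "transport input ssh" not in vty[1]:
            findings.append(vty[0] + ": no 'transport input ssh'")
        vty = (l, []) if l.startswith("line vty") else None
    return missing, findings
```

The RSA modulus size from Task 2 does not appear in the running configuration, so this check does not cover it.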

R2 Configuration 

R2#show running-config 
Building configuration... 

Current configuration : 795 bytes 
! 

version 12.4 

service timestamps debug datetime msec 
service timestamps log datetime msec 
no service password-encryption 
! 

hostname R2 
! 

boot-start-marker
boot-end-marker
! 

no logging console 
! 

no aaa new-model 
no network-clock-participate slot 1 
no network-clock-participate wic 0 
ip cef 
! 

! 

! 

! 

no ip domain lookup 

!


multilink bundle-name authenticated 



archive 


log config 
hidekeys 

! 

! 

! 

! 

! 

! 

! 

interface FastEthernet0/0
ip address 172.16.1.2 255.255.255.0 
duplex auto 
speed auto 
! 

interface Serial0/0 

ip address 10.1.1.2 255.255.255.252 
clock rate 512000 
! 

ip forward-protocol nd
! 

! 

ip http server 
ip http authentication local 
no ip http secure-server 
! 

! 

! 

! 

!



control-plane 


! 

! 

! 

line con 0 
line aux 0 
line vty 0 4 
privilege level 15 
password cisco 
login 
! 

! 

end 